Wednesday, May 30, 2012

Cyber-attack concerns raised over Boeing 787 chip's 'back door'

Two Cambridge experts have discovered a "back door" in a computer chip used in military systems and aircraft such as the Boeing 787 that could allow the chip to be taken over via the internet.

The discovery will heighten concerns about the risks of cyber-attacks on sensitive installations, coming on the heels of the discovery this week of the 'Flamer' virus which has been attacking computer systems in Iran, Syria and Saudi Arabia.

In a paper that has been published in draft form online and seen by the Guardian, researchers Sergei Skorobogatov of Cambridge University and Chris Woods of Quo Vadis Labs say that they have discovered a method that a hacker can use to connect to the internals of a chip made by Actel, a US manufacturer.

"An attacker can disable all the security on the chip, reprogram cryptographic and access keys … or permanently damage the device," they noted.

Woods told the Guardian that they have offered all the necessary information about how the hack can be done to government agencies – but that their response is classified.

"The real issue is the level of security that can be compromised through any back door, and how easy they are to find and exploit," Woods said.

The back door may have been inserted by Actel itself, whose ProASIC3 chip is used in medical, automotive, communications and consumer products, as well as military use.

More here: http://www.guardian.co.uk/technology/2012/may/29/cyber-attack-concerns-boeing-chip

Prior to starting ComSec LLC in 2007, Mr. LeaSure was active within the counterespionage, counterterrorism and TSCM fields for 26 years. He has attained the prestigious CCISM, Certified Counterespionage Information Security Management Certification. He also has extensive training, knowledge and experience in the identification of eavesdropping devices, espionage detection methods and the intelligence collection tactics most often employed by perpetrators of electronic espionage.

J.D. LeaSure is also the Director of the Espionage Research Institute International (ERII). As Director, he is tasked with ensuring the organization is successful in its mission to provide continuing education, facilitate professional relationship building and ensure the counterespionage & counterintelligence skill sets of its membership remains current as espionage tactics and devices evolve.